cwe exposed admin interface

CWE-451: User Interface (UI) Misrepresentation of Critical Information. The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This can be broken down into several different subtypes. Visual truncation: a null character in a URL prevents the entire URL from being displayed in the web browser; the use of excessive whitespace can also cause truncation, or place the potentially dangerous indicator outside of the user's field of view (e.g. "filename.txt .exe"). Visual distinction: visual information might be presented in a way that makes it difficult for the user to quickly and correctly distinguish between critical and unimportant segments of the display. Miscellaneous: a web browser allows remote attackers to misrepresent the source of a file in the File Download dialog box.

Misrepresentation problems are frequently studied in web browsers, but there are no known efforts for classifying these kinds of problems in terms of the shortcomings of the interface. In addition, many misrepresentation issues are resultant. These weaknesses have been documented for Java applications in various secure programming sources, but there are few reports in CVE, which suggests limited awareness in most parts of the vulnerability research community.

Related entries listed alongside CWE-451: Incorrect Provision of Specified Functionality, Insufficient Visual Distinction of Homoglyphs Presented to User, Improper Restriction of Rendered UI Layers or Frames, OWASP Top Ten 2021 Category A04:2021 - Insecure Design, and CWE-285: Improper Authorization. Other identifiers appearing in the source material: CWE-94, CWE-200. Reference: http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/semantic-attacks.html

A related weakness is hidden functionality: the software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the software's users or administrators. It can apply to any number of technologies and approaches, such as ActiveX controls, Java functions, IOCTLs, and so on.

Observed examples. Cisco CallManager versions prior to 4.3(1), 4.2(3), 4.1(3)SR4 and 3.3(5)SR3 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary script in the user's browser session (severity: High). Other models may also be affected.

Barco wePresent Admin Credential Exposure: an attacker armed with hardcoded API credentials from KL-001-2020-004 (CVE-2020-28329) can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8.

CPP-Ethereum is a C++ ethereum client, one of the 3 most popular clients for the ethereum platform. One of the components that is part of cpp-ethereum is a JSON-RPC server which exposes various APIs to manage client/node functionality.

Envoy: this can be used to shut down Envoy remotely (a denial of service), or to expose the existence of any Secret that Envoy is using for its ...

CouchDB (description truncated in the source): if a CouchDB admin opens that attachment in a browser, e.g. ...

Insecure Admin Access. Attempting to guess the path of the administrative interface may be as simple as requesting /admin or /administrator etc., or in some scenarios it can be revealed within seconds using Google dorks. Protect the administrative/restricted functionality with a strong authentication mechanism. IP filtering or 2FA are additional layers of security and, while they can be helpful, are not always possible or worthwhile. If the admin portal requires authentication then it is, by definition, not "exposed".

How to read a CWE entry. Base-level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. The table of related weaknesses shows the weaknesses and high-level categories that are related to a given weakness; these relationships are defined as ChildOf, ParentOf and MemberOf, and give insight into similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore. The different Modes of Introduction provide information about how and when a weakness may be introduced: the Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase. In the Common Consequences table, the Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting the weakness. From the CWE perspective, loss of confidentiality is a technical impact that can arise from dozens of different weaknesses, such as insecure file permissions or out-of-bounds read. For Applicable Platforms, the platform is listed along with how frequently the given weakness appears for that instance. Taxonomy mappings are often useful in understanding where a weakness fits within the context of external information sources.

